Attack Exposes ATM Vulnerabilities
Two Cambridge University researchers have discovered a new attack on the hardware security nodules employed by banks that makes it possible to retrieve customers' cash machine PINs in an average of 15 tries.
The attack takes advantage of a weakness in the cryptographic model used by many HSMs to encrypt, store and retrieve PINs. The system, used by many ATMs, reads the customer's account number that is encoded on the magnetic strip of the ATM card. The software then encrypts the account number using a secret DES key. The ciphertext of the account number is then converted to hexadecimal and the first four digits of it are retained.
Those digits are then put through a decimalization table, which converts them to a format that's usable on the ATM keypad. By manipulating the contents of this table, it's possible for an attacker to learn progressively more about the PIN with each guess. Using various schemes described in the paper, a knowledgeable attacker could discover as many as 7,000 PINs in a half hour, the authors say.
More at eWeek
- attack ,
- exposes ,
- atm ,
- vulnerabilities
- Everest Base Camp Internet Café Planned
- Legend Computer Plans Foreign Expansion
- Abit Adds OTESIII Technology To NV30 Offering
- Hands-on Preview Of Rise of Nations
- Microsoft Initiative Targets Academia
- FCC Modifies Local Access Rules
- IBM Speeds Up Unix Server
- Microsoft to Debut DRM in Office 2003
- Appellate Court Asks for Clarification in Xerox-Palm Patent Infringement Case
- HP to Unleash Storage Product Blitz
- Storage Vendors Weigh Options at IDF
- SiS Officially Announces Next Generation R659 Chipset
- Sun's AMD Pitch
- Cisco rounds 'em up for WLAN interoperability
- Samsung and LG.Philips LCD to raise March LCD monitor panel prices
- Elpida to move up 0.10-micron production to fiscal 2Q
- February notebook panel contract prices remain unchanged
- It's official! Tri-mode wireless race is on.
